
CSP Headers - Using 'unsafe-inline' or 'unsafe-eval' is not recommended.

Severity: 2
CVSS: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published: 2016-01-01
Added: 2018-06-27
Modified: 2018-06-27

Description

The Content Security Policy declared through the Content-Security-Policy header or the equivalent meta tag includes the 'unsafe-inline' or 'unsafe-eval' source expression. 'unsafe-inline' allows inline <script> elements, inline event handlers and javascript: URLs to run; 'unsafe-eval' allows eval(), new Function() and string arguments to setTimeout/setInterval. Because the browser trusts content it receives from the site's origin, script injected by an attacker into the page (for example through cross-site scripting) then runs with the same privileges as the site's own scripts, and the policy no longer restricts it. A policy that permits either keyword in script-src (or in default-src, which script-src falls back to when absent) therefore offers little protection against script injection.

Solution

Remove 'unsafe-inline' and 'unsafe-eval' from script-src (and from default-src, which governs scripts when script-src is absent). Move inline scripts into external files served from an allowed origin, or permit individual inline scripts with a per-response nonce ('nonce-...') or a hash of their content ('sha256-...'). Replace eval(), new Function() and string-based setTimeout/setInterval with code that does not require dynamic evaluation.
